Design of Digital Right Access Management System (DRAMS)

Abstract

To support electronic commerce, the Internet is an ideal platform for distributing information. While the Internet allows information to be transferred easily, it also raises concerns over digital rights management, especially access control. In the context of access control for Internet-based electronic commerce, we should consider two scenarios: the PULL and PUSH scenarios. In the PULL scenario, a client retrieves (pulls) information from a server. In the PUSH scenario, a server multicasts (pushes) information to the receivers. The aim of this project is to design a Digital Right Access Management System for these two scenarios. For the PULL scenario, a smart card-based system is investigated. Essentially, customers can download protected content files from a Web server and keep them in their terminals. Each content file is encrypted and only an authorized customer can obtain the decryption key from the content provider by using his/her smart card. Upon successful authentication, a customer receives the protected decryption key, which can only be accessed through his/her smart card. As each smart card is personal-based, other people cannot read the protected content file with the protected decryption key. A prototype system has been developed to evaluate the basic functions of this protection scheme. Furthermore, the prototype system can be integrated with the Millicent system for handling payments. A number of Java-based application programming interfaces have also been written for future development work. For the PUSH scenario, information is sent to a group of receivers using IP multicast. However the original IP multicast method does not address security. The major security problem is to control the access of multicasted data in an effective, efficient and scalable manner. To ensure that only the authorized recipients can read the media data sent to a communication group, data packets are usually encrypted with one or more secret key(s) shared between the sender and the authorized receivers. The technical challenge is that the system needs to address frequent membership changes. Specifically, if a new member joins or an existing member leaves a group, the respective secret key(s) must be changed to ensure that the new member cannot decrypt the data sent before his/her arrival and the old member cannot decrypt the data sent after his/her departure. Technically, this is referred to as re-keying. To handle a large group with frequent change of membership, a scaleable re-keying algorithm is needed. By combining the advantages of some centralized and distributed re-keying methods, an HRM (Hybrid Re-keying Mechanism) has been developed in this thesis. We have also developed an analytical model to evaluate the performance of HRM. Furthermore, we have compared HRM with several other re-keying methods by using computer simulations. Results indicate that HRM can give a better performance under many different situations.